CVE-2015-3246 : libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper progr

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

Published 2015-08-11 14:59:07

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-3246

Redhat » Libuser
Versions up to, including, (<=) 0.56.13-5
cpe:2.3:a:redhat:libuser:*:*:*:*:*:*:*:*
Matching versions
Redhat » Libuser » Version: 0.60-6
cpe:2.3:a:redhat:libuser:0.60-6:*:*:*:*:*:*:*
Matching versions
Redhat » Libuser » Version: 0.60-5
cpe:2.3:a:redhat:libuser:0.60-5:*:*:*:*:*:*:*
Matching versions
Redhat » Libuser » Version: 0.60-2
cpe:2.3:a:redhat:libuser:0.60-2:*:*:*:*:*:*:*
Matching versions
Redhat » Libuser » Version: 0.60-1
cpe:2.3:a:redhat:libuser:0.60-1:*:*:*:*:*:*:*
Matching versions
Redhat » Libuser » Version: 0.60-4
cpe:2.3:a:redhat:libuser:0.60-4:*:*:*:*:*:*:*
Matching versions
Redhat » Libuser » Version: 0.60-3
cpe:2.3:a:redhat:libuser:0.60-3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-3246

EPSS FAQ

18.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-3246

Libuser roothelper Privilege Escalation

Disclosure Date: 2015-07-24

First seen: 2020-04-26

exploit/linux/local/libuser_roothelper_priv_esc

This module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. Th

More information

CVSS scores for CVE-2015-3246

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-3246

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3246

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html

[SECURITY] Fedora 22 Update: libuser-0.62-1.fc22

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1482.html

RHSA-2015:1482 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/articles/1537873

libuser vulnerabilities (CVE-2015-3245 and CVE-2015-3246) - Red Hat Customer Portal

CVEs referencing this url
http://www.securityfocus.com/bid/76022

libuser CVE-2015-3246 Local Privilege Escalation Vulnerability
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html

[security-announce] openSUSE-SU-2015:1332-1: important: Security update
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html

[SECURITY] Fedora 21 Update: libuser-0.62-1.fc21

CVEs referencing this url
https://www.exploit-db.com/exploits/44633/

Libuser - 'roothelper' Local Privilege Escalation (Metasploit)

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1483.html

RHSA-2015:1483 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securitytracker.com/id/1033040

Libuser Bugs Let Local Users Deny Service and Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt

Exploit

CVEs referencing this url

Jump to